Highlighted

After migration from http to https, all the scheduled tasks stopped running. But URL runs in browser successfully

New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

I am using Cold Fusion MX7 on one of many application.

After the migration from http to https, all the scheduled tasks shows below error while executing from scheduled task in cf administrator :

There was an error running your scheduled Task, Reason for which scheduled tasks might fail include:

>The URL is a redirection URL

>The URL is protected by IIS NT Challenge/Response or Apache .htaccess password. The Username and Password text fields for editing a scheduled task are intended to support Basic Authentication Only.

>The Domain Name lookup failed. Try using the IP address of the domain whenever possible.

> The URL is a n SSL site, but the SSL port was specified incorrectly.

>The web site is not responding.

>The directory specified for published results does not exists.

Below are the observations against above error points.

*The URL saved in scheduled tasks have https protocols- hence its not a redirection URL.

*The URL does not asks for any authentication.

*Domain name is correct as its been used since years.

*the ssl port is 443 and the website was responding

* No directory is specified to publish result. As when its specified, and the task is run from CF-ADMIN, it shows scheduled task run successfully. However the published output file says- "connection failure" and nothing runs in actual.

However when the same URL is executed in browser, there is no error and the whole task run smoothly.

Can any one help ?

Views

2.2K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

After migration from http to https, all the scheduled tasks stopped running. But URL runs in browser successfully

New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

I am using Cold Fusion MX7 on one of many application.

After the migration from http to https, all the scheduled tasks shows below error while executing from scheduled task in cf administrator :

There was an error running your scheduled Task, Reason for which scheduled tasks might fail include:

>The URL is a redirection URL

>The URL is protected by IIS NT Challenge/Response or Apache .htaccess password. The Username and Password text fields for editing a scheduled task are intended to support Basic Authentication Only.

>The Domain Name lookup failed. Try using the IP address of the domain whenever possible.

> The URL is a n SSL site, but the SSL port was specified incorrectly.

>The web site is not responding.

>The directory specified for published results does not exists.

Below are the observations against above error points.

*The URL saved in scheduled tasks have https protocols- hence its not a redirection URL.

*The URL does not asks for any authentication.

*Domain name is correct as its been used since years.

*the ssl port is 443 and the website was responding

* No directory is specified to publish result. As when its specified, and the task is run from CF-ADMIN, it shows scheduled task run successfully. However the published output file says- "connection failure" and nothing runs in actual.

However when the same URL is executed in browser, there is no error and the whole task run smoothly.

Can any one help ?

Views

2.2K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 18, 2017 0
Advocate ,
Oct 18, 2017

Copy link to clipboard

Copied

This is normally due to CF not being able to process the SSL certificate on the HTTPS request.

Normally you add the SSL certificate to the java cert store to get it working - Import certificates to Adobe ColdFusion's truststore

Using CF 7 though, this may or may not be possible.

Is this request to a url on your local server or a remote request to another site?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 2
New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

Thanks for your response haxtbh !

I would try doing the import certificate. When you doubt on this , does MX7 not compatible to this process of certificate import ?

This request is to a remote server where the site is hosted.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 0
Most Valuable Participant ,
Oct 18, 2017

Copy link to clipboard

Copied

Depending on where your certificates originate from (well-known provider vs. self-signed), this may or may not be possible.  Also, current versions of the Java JVM/JDK include updated cacerts trusted providers - but older versions of Java (such as the versions MX7 is compatible with) are likely to be missing many trusted providers.  You really need to consider moving to currently-supported and patched versions of ColdFusion (ideally CF 2016) and Java (Java 8) to protect against numerous security vulnerabilities.  If you can't afford to upgrade your ColdFusion licenses, then at least consider switching to the current release of the open-source Lucee CFML engine.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 1
Advocate ,
Oct 18, 2017

Copy link to clipboard

Copied

If it is a remote server you are doing the call to, there could be an issue with TLS / SSL.

Your CF7 most likely is not supporting TLS 1.0 and above (TLS 1.1 and above should be where its at)

The remote host could have disabled SSL 2/3 and TLS 1.0 for security reasons.

Realistically the only smart move is to do what Carl has mentioned and update

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 2
New Here ,
Nov 19, 2017

Copy link to clipboard

Copied

This type of answer is why people are not interested in CF any longer. Upgrade, thats the answer? You would think SSL is important to support? I am really beginning to hate ColdFusion.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 19, 2017 0
New Here ,
Nov 19, 2017

Copy link to clipboard

Copied

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 19, 2017 0
Most Valuable Participant ,
Nov 20, 2017

Copy link to clipboard

Copied

I don't think that tone was necessary.  Technology is always advancing forward.  It is not reasonable to expect software that was written more than 10 years ago (CF7) and has not been receiving updates for almost that long to be able to support current standards (SSL/TLS1.2).  Same goes for the version of Java that CF7 ran on (Java 4 aka 1.4).   Do you still run Windows XP and expect all current versions of software to run on it, and for it to be secure?

And as I stated, if you can't afford to upgrade, there are open-source alternatives that are free of cost.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 20, 2017 1
Adobe Community Professional ,
Nov 20, 2017

Copy link to clipboard

Copied

Like Carl said, CF 7 is over ten years old. If you get angry when you have to upgrade it after getting ten years of use out of it, you have a pretty unrealistic view of computers. And on a side note, I think it's kind of funny you'd mention "SSL" considering that SSL is actually no longer a supported technology - it's long been replaced by TLS.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 20, 2017 1
Adobe Community Professional ,
Nov 20, 2017

Copy link to clipboard

Copied

If you don't want to upgrade, or mess around with your Java keystore, there is a simple alternative. Since you control the web server, simply create a listener on your web server that doesn't use HTTPS, and make it only listen on localhost.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 20, 2017 0
New Here ,
Nov 21, 2017

Copy link to clipboard

Copied

This is not an option for the environment I am developing in. I just question Adobe's commitment to something so simple

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 21, 2017 0
Most Valuable Participant ,
Nov 21, 2017

Copy link to clipboard

Copied

Do you really expect any company to go back 5 versions of software (CF7 has been out of support for at least 8 years, and was actually a MacroMedia product before Adobe bought MacroMedia) and incorporate 10 years of updates/patches so it will run on current versions of operating systems and Java (because you'd need to be able to use at least Java 7 (1.7) to support all the newer SSL/TLS standards)?  That's completely unrealistic.  Do you expect Microsoft to keep updating Office 97 or Windows 95?

I understand the frustration if you're being forced to continue maintaining a CF7 installation - but the frustration should be directed at those in your company/organization who won't keep software up-to-date, not the company who has updated their products to support current standards and security.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 21, 2017 1
New Here ,
Nov 22, 2017

Copy link to clipboard

Copied

Thank you Carl, This issue persists in CF11. YES, I would fully expect a company to update their code base to support https with a core function. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 22, 2017 0
Adobe Community Professional ,
Nov 25, 2017

Copy link to clipboard

Copied

Richard, this is your first mention of cf11 in this thread. Are you saying you have now installed CF11 (on the same machine or perhaps another) and run your scheduled task calling an https url and it's still failing?

If so, there's still one possible explanation for your ongoing challenge: CF11 (the original installer) came with Java 1.7 (Java 7). And as Carl mentioned, the SSL/TLS problem may go away for you with CF running Java 8, as some SSL/TLS issues have to do with a failure of Java 7 to support the needed specific protocol, or may be due to certificates. (And your browser tests may work because the browser is updated whereas the Java within CF11 was not.)

The good news is that it's pretty easy to get and install a Java 8 JDK and update CF to point to it. And Adobe have blogged how to do it at various times in CF's history, as have others  FWIW, I've done a post on resolving common problems when TRYING to update the jvm that CF uses, which you may want to have in your pocket if/when you may try it, if this is your issue.

And if it is your issue and the solution, then before you may decry Adobe "forcing you" to do deal with this need to update to Java 8, note that later CF11 installers and of course CF2016 DO come out of the box with Java 8. So while you may be of the opinion that Adobe has left you in this situation, it really seems just a series of unfortunate events for you.

You have some senior CF people here trying to help. If you work with us we'll work with you to try to get this resolved for you.

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 25, 2017 0
Enthusiast ,
Nov 27, 2017

Copy link to clipboard

Copied

I will add to Charlie's suggestion of updating the JVM to Java 8 - that should be the first thing to try when you cannot connect to a HTTPS url. The gut reaction of many is to import the cert into the keystore, while this may fix the problem in some cases you will find updating the JVM is a better long term solution. The list of trusted certificate root authorities change throughout the years so new certificates are added from time to time, updating the JVM is an easy way to fix this. Some root certificates are also revoked from trust due to various issues so if you do not update the JVM you may be trusted certificates that you should not.

I will add a second thing to check which I see a lot - many sites have not configured the intermediate certificates properly. You can use a site like this to check: What's My Chain Cert?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Nov 27, 2017 0